[tor-bugs] #33545 [Core Tor/Tor]: assertion failure when "all zero" client auth key provided

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 6 16:32:04 UTC 2020


#33545: assertion failure when "all zero" client auth key provided
------------------------------+------------------------------------
     Reporter:  mcs           |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:  Tor: 0.4.4.0-alpha-dev
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------------
 While doing some Tor Browser testing for Sponsor 27, I experienced the
 following after I intentionally used an incorrect client auth key for a v3
 onion service:
 {{{
 ... [err] tor_assertion_failed_: Bug: src/feature/hs/hs_descriptor.c:1423:
 decrypt_descriptor_cookie: Assertion !fast_mem_is_zero((char *)
 client_auth_sk, sizeof(*client_auth_sk)) failed; aborting. (on Tor
 0.4.4.0-alpha-dev 1da0b05a5cace6ed)
 }}}

 As it turns out, I happened to enter a key that consists entirely of
 zero bits. This is an unusual thing to do, but I do not think tor should
 exit.

 Steps to reproduce in Tor Browser:
 1. Try to load an http or https page for a v3 onion service that requires
 client authentication, e.g., dgoulet's test server.
 2. Enter 56 'A's when prompted for a client auth key.

 Result: tor exits due to the assertion failure. Behind the scenes, the
 browser installs the key via a control port command like the following:
 {{{
 onion_client_auth_add <onion-addr>
 x25519:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
 }}}
 and then tries to access the onion service again (page reload).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33545>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
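
An added sketch, not code from tor or from this ticket: it validates an `x25519:<base64>` credential where it is received and returns an error for an all-zero key, so user input can never reach an assertion later. The function names and return codes are hypothetical, and the sample credential is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32
enum { KEY_OK = 0, KEY_BAD_FORMAT = -1, KEY_ALL_ZERO = -2 }; /* hypothetical codes */

static int b64_val(char c) {
  if (c >= 'A' && c <= 'Z') return c - 'A';
  if (c >= 'a' && c <= 'z') return c - 'a' + 26;
  if (c >= '0' && c <= '9') return c - '0' + 52;
  return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 that must yield exactly 32 bytes: 43 symbols plus optional '='. */
static int decode_key(const char *s, uint8_t out[KEY_LEN]) {
  size_t n = strlen(s), o = 0;
  uint32_t acc = 0;
  int bits = 0;
  if (n == 44 && s[43] == '=') n = 43;
  if (n != 43) return -1;
  for (size_t i = 0; i < n; i++) {
    int v = b64_val(s[i]);
    if (v < 0) return -1;
    acc = (acc << 6) | (uint32_t)v;
    bits += 6;
    if (bits >= 8) { bits -= 8; out[o++] = (uint8_t)(acc >> bits); }
  }
  return (acc & 0x3) ? -1 : 0; /* the 2 leftover bits must be zero */
}

/* Hypothetical boundary check: parse "x25519:<base64>" and refuse an all-zero
 * key with an error code instead of letting it reach an assertion later. */
int parse_client_auth_key(const char *cred, uint8_t out[KEY_LEN]) {
  uint8_t any = 0;
  if (strncmp(cred, "x25519:", 7) != 0) return KEY_BAD_FORMAT;
  if (decode_key(cred + 7, out) < 0) return KEY_BAD_FORMAT;
  for (size_t i = 0; i < KEY_LEN; i++) any |= out[i]; /* no early exit */
  return any ? KEY_OK : KEY_ALL_ZERO;
}

int main(void) {
  uint8_t key[KEY_LEN];
  /* Constructed input: 43 'A' symbols plus padding decode to 32 zero bytes. */
  const char *zero = "x25519:" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
                     "AAAAAAAAAA" "AAA" "=";
  printf("all-zero key -> %d\n", parse_client_auth_key(zero, key));
  return 0;
}
```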